discourse-legacysite-perl/site/racecalendar/wiki_validate_X.php

<?PHP 

// do I need to do additional security checks to make sure the script is being called appropriately?

include("config.php");

if (!$_POST){ header('Location: https://slowtwitch.com/calendar/'); }

// error checking
if(!isset($_POST)) exit();

if (isset($_POST[delete])) {	
	// convert the array to a SQL friendly format
	$deleteList = "(".implode(",", $_POST[delete]).")";
	
	// build the SQL query to delete the edits that are bad
	$sql = "DELETE FROM gforum_TriathlonsEdits WHERE edit_id IN $deleteList";
			  
	mysql_query($sql) or die(mysql_error());
}

if (isset($_POST[validate])) {
	// convert the array to a SQL friendly format
	$validateList = "(".implode(",", $_POST[validate]).")";
	
	$sql = "SELECT * FROM gforum_TriathlonsEdits WHERE edit_id IN $validateList";
	
	$results = mysql_query($sql) OR die(mysql_error());
	
	// Loop through races shifting edits over
	while($row = mysql_fetch_array($results)) {
		$sql = "UPDATE gforum_Triathlons
					SET onetype = '".mysql_escape_string($row[onetype])."', 
						twotype = '".mysql_escape_string($row[twotype])."',
						threetype = '".mysql_escape_string($row[threetype])."',
						oneunit = '".mysql_escape_string($row[oneunit])."',
						twounit = '".mysql_escape_string($row[twounit])."',
						threeunit = '".mysql_escape_string($row[threeunit])."',
						name = '".mysql_real_escape_string($row[name])."',
						nametag = '".mysql_real_escape_string($row[nametag])."',
						date = '".mysql_escape_string($row[date])."',
						type = '".mysql_escape_string($row[type])."',
						indivfee = '".mysql_real_escape_string($row[indivfee])."',
						teamfee = '".mysql_real_escape_string($row[teamfee])."',
						swim = ".mysql_real_escape_string($row[swim]).",
						bike = ".mysql_real_escape_string($row[bike]).",
						bike_surface = ".mysql_real_escape_string($row[bike_surface]).",
						draft_legal = ".mysql_real_escape_string($row[draft_legal]).",
						kids_race = ".mysql_real_escape_string($row[kids_race]).",
						registration = ".mysql_real_escape_string($row[registration]).",
						run = ".mysql_real_escape_string($row[run]).",
						state= '".mysql_real_escape_string($row[state])."',
						statetag = '".mysql_real_escape_string($row[statetag])."',
						city = '".mysql_real_escape_string($row[city])."',
						address = '".mysql_real_escape_string($row[address])."',
						phone = '".mysql_real_escape_string($row[phone])."',
						email = '".mysql_real_escape_string($row[email])."',
						courseinfo = '".mysql_real_escape_string($row[courseinfo])."',
						moreinfo = '".mysql_real_escape_string($row[moreinfo])."',
						directions = '".mysql_real_escape_string($row[directions])."',
						register = '".mysql_real_escape_string($row[register])."',
						website = '".mysql_real_escape_string($row[website])."',
						one_points = ".mysql_real_escape_string($row[one_points]).",
						two_points = ".mysql_real_escape_string($row[two_points]).",
						three_points = ".mysql_real_escape_string($row[three_points]).",
						points = ".mysql_real_escape_string($row[points]).",
						pointclass = ".mysql_real_escape_string($row[pointclass])."
						WHERE uid = '".($row[race_uid_fk])."'";
		//echo $sql;
		//exit();
		mysql_query($sql) OR die(mysql_error());
		
		$sql = "INSERT INTO gforum_TriathlonsEditors (race_uid_fk, user_id_fk, edit_timestamp) VALUES ('$row[race_uid_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
		mysql_query($sql) OR die(mysql_error());
		
		$sql = "DELETE FROM gforum_TriathlonsEdits WHERE edit_id = $row[edit_id]";
		mysql_query($sql) OR die(mysql_error());
		
	}
	
}


header('Location: https://slowtwitch.com/calendar/wiki_validate.php');

?>
Fifth pass at adding key files 2024-06-17 12:42:14 +00:00			`<?PHP`

			`// do I need to do additional security checks to make sure the script is being called appropriately?`

			`include("config.php");`

			`if (!$_POST){ header('Location: https://slowtwitch.com/calendar/'); }`

			`// error checking`
			`if(!isset($_POST)) exit();`

			`if (isset($_POST[delete])) {`
			`// convert the array to a SQL friendly format`
			`$deleteList = "(".implode(",", $_POST[delete]).")";`

			`// build the SQL query to delete the edits that are bad`
			`$sql = "DELETE FROM gforum_TriathlonsEdits WHERE edit_id IN $deleteList";`

			`mysql_query($sql) or die(mysql_error());`
			`}`

			`if (isset($_POST[validate])) {`
			`// convert the array to a SQL friendly format`
			`$validateList = "(".implode(",", $_POST[validate]).")";`

			`$sql = "SELECT * FROM gforum_TriathlonsEdits WHERE edit_id IN $validateList";`

			`$results = mysql_query($sql) OR die(mysql_error());`

			`// Loop through races shifting edits over`
			`while($row = mysql_fetch_array($results)) {`
			`$sql = "UPDATE gforum_Triathlons`
			`SET onetype = '".mysql_escape_string($row[onetype])."',`
			`twotype = '".mysql_escape_string($row[twotype])."',`
			`threetype = '".mysql_escape_string($row[threetype])."',`
			`oneunit = '".mysql_escape_string($row[oneunit])."',`
			`twounit = '".mysql_escape_string($row[twounit])."',`
			`threeunit = '".mysql_escape_string($row[threeunit])."',`
			`name = '".mysql_real_escape_string($row[name])."',`
			`nametag = '".mysql_real_escape_string($row[nametag])."',`
			`date = '".mysql_escape_string($row[date])."',`
			`type = '".mysql_escape_string($row[type])."',`
			`indivfee = '".mysql_real_escape_string($row[indivfee])."',`
			`teamfee = '".mysql_real_escape_string($row[teamfee])."',`
			`swim = ".mysql_real_escape_string($row[swim]).",`
			`bike = ".mysql_real_escape_string($row[bike]).",`
			`bike_surface = ".mysql_real_escape_string($row[bike_surface]).",`
			`draft_legal = ".mysql_real_escape_string($row[draft_legal]).",`
			`kids_race = ".mysql_real_escape_string($row[kids_race]).",`
			`registration = ".mysql_real_escape_string($row[registration]).",`
			`run = ".mysql_real_escape_string($row[run]).",`
			`state= '".mysql_real_escape_string($row[state])."',`
			`statetag = '".mysql_real_escape_string($row[statetag])."',`
			`city = '".mysql_real_escape_string($row[city])."',`
			`address = '".mysql_real_escape_string($row[address])."',`
			`phone = '".mysql_real_escape_string($row[phone])."',`
			`email = '".mysql_real_escape_string($row[email])."',`
			`courseinfo = '".mysql_real_escape_string($row[courseinfo])."',`
			`moreinfo = '".mysql_real_escape_string($row[moreinfo])."',`
			`directions = '".mysql_real_escape_string($row[directions])."',`
			`register = '".mysql_real_escape_string($row[register])."',`
			`website = '".mysql_real_escape_string($row[website])."',`
			`one_points = ".mysql_real_escape_string($row[one_points]).",`
			`two_points = ".mysql_real_escape_string($row[two_points]).",`
			`three_points = ".mysql_real_escape_string($row[three_points]).",`
			`points = ".mysql_real_escape_string($row[points]).",`
			`pointclass = ".mysql_real_escape_string($row[pointclass])."`
			`WHERE uid = '".($row[race_uid_fk])."'";`
			`//echo $sql;`
			`//exit();`
			`mysql_query($sql) OR die(mysql_error());`

			`$sql = "INSERT INTO gforum_TriathlonsEditors (race_uid_fk, user_id_fk, edit_timestamp) VALUES ('$row[race_uid_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";`
			`mysql_query($sql) OR die(mysql_error());`

			`$sql = "DELETE FROM gforum_TriathlonsEdits WHERE edit_id = $row[edit_id]";`
			`mysql_query($sql) OR die(mysql_error());`

			`}`

			`}`


			`header('Location: https://slowtwitch.com/calendar/wiki_validate.php');`

			`?>`